IBM DB2 database multiple security vulnerabilities
| Published: | 23.02.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7295 |
| Type: | local |
| Level: | 6/10 |
| Description: | Multiple privilege escalations, file creation. |
| Affected: | IBM : DB2 8.1 |
| | IBM : DB2 9.1 |
| CVE: | CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.) |
| | CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.) |
| | CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.) |
| | CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.) |
| | CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access.") |

Nortel NetDirect client for Linux weak permissions
| Published: | 23.02.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7293 |
| Type: | local |
| Level: | 5/10 |
| Description: | Weak permissions on temporary folder during installation. |
| CVE: | CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.) |

Distributed Checksum Clearinghouse unauthorized management
| Published: | 23.02.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7294 |
| Type: | remote |
| Level: | 5/10 |

Verisign multiple products ActiveX element buffer overflow
| Published: | 23.02.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7296 |
| Type: | client |
| Level: | 6/10 |
| Description: | Buffer overflow in ConfigChk element. |
| CVE: | CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.) |

JBoss insecure defaults updated since 22.02.2007
| Published: | 23.02.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7280 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Web console and management tools are available without authentication. |
| CVE: | CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.) |
| | CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.) |
| | CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.) |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 23.02.2007 |
| Source: | |
| SecurityVulns ID: | 7292 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | WORDPRESS : WordPress 2.0 |
| | WORDPRESS : WordPress 2.1 |
| | WEBSPELL : webSPELL 3.01 |
| | CONNECTIX : Connectix Boards 0.7 |
| | DBIMAGEGALLERY : DBImageGallery 1.2 |
| | DBGUESTBOOK : DBGuestBook 1.1 |
| | DZCP : deV!Lz Clanportal 1.4 |
| | ULTIMATEFUNBOARD : Ultimate Fun Book 1.02 |
| | ONLINEWEBBUILDIN : Online Web Building 2.0 |
| | PEANUTKB : Peanut Knowledge Base 0.0 |
| | FLASHGAMESCRIPT : FlashGameScript 1.5 |
| | DESIGN4ONLINE : UserPages2 2.0 |
| CVE: | CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.) |
| | CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.) |
| | CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.) |
| | CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.) |
| | CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.) |
| | CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.) |
| | CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.) |
| | CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.) |
| | CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) |
| | CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.) |
| | CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.) |
| | CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.) |
| | CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.) |

Mac OS X ImageIO integer overflow
| Published: | 23.02.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7299 |
| Type: | library |
| Level: | 6/10 |
| Description: | Integer overflow in GIF image parsing. |
| Affected: | APPLE : Mac OS X 10.4 |
| CVE: | CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.) |

Mercur Messaging 2005 multiple security vulnerabilities
| Published: | 23.02.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7300 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Multiple DoS conditions and buffer overflows. |
| Affected: | MERCUR : MERCUR Messaging 2005 |
| CVE: | CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.) |
| | CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.) |
| | CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.) |
| | CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.) |

Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007
| Published: | 28.02.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7297 |
| Type: | client |
| Level: | 6/10 |
| Description: | Various memory corruptions caused by race conditions in the OnUnload handler. In addition, address bar spoofing and creation of pages that cannot be left are possible. |
| Affected: | MICROSOFT : Windows 2000 Server |
| | MICROSOFT : Windows 2000 Professional |
| | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| | MOZILLA : Firefox 1.5 |
| | MOZILLA : Firefox 2.0 |
| | MICROSOFT : Windows Vista |
| | OPERA : Opera 9.20 |
| CVE: | CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.) |
| | CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.) |
| | CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.) |
| | CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects.) |
| | CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.) |

Mozilla Firefox information leak updated since 23.02.2007
| Published: | 23.02.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7298 |
| Type: | remote |
| Level: | 4/10 |
| Description: | A script can check whether a given web page was visited by the user. |
| Affected: | MOZILLA : Firefox 1.5 |
| | MOZILLA : Firefox 2.0 |
| CVE: | CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.) |